OS X
ACE 2.6.x Windows not affected
ACE 2.5.x Windows 2.5.4 build 246459 or later
Server 2.x any 2.0.2 build 203138 or later
Fusion 3.x Mac OS/X not affected
Fusion 2.x Mac OS/X 2.0.6 build 246742 or later
ESXi 4.0 ESXi ESXi400-201002402-BG
ESXi 3.5 ESXi ESXe350-200912401-T-BG or later
ACE 1.x Windows 1.0.8 build 125922 or later
Server 2.x any 2.0.1 build 156745 or later
Server 1.x any 1.0.8 build 126538 or later
Fusion 2.x Mac OS/X 2.0.1 build 128865 or later
Fusion 1.x Mac OS/X upgrade to at least 2.0.1
ESXi 3.5 ESXi ESXe350-200811401-O-SG
ESX 3.5 ESX ESX350-200811401-SG
AMS any any not affected
Server 2.0.2 Linux affected, no patch planned
Server 2.0.2 Windows not affected
Fusion 3.1.x Mac OS/X 3.1.2 Build 332101 or later
Fusion 2.x Mac OS/X not affected
ESXi any ESXi not affected
ESX any ESX not affected
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 31, 2008
I. BACKGROUND
Mac OS X is a Unix operating system built from the XNU kernel. Mac OS X
provides all the standard Unix capabilities and tools with an
additional GUI component. For more information, see the vendor's site
found at the following link URL.
http://www.apple.com/macosx/
Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability
http://risesecurity.org/advisory/RISE-2007004/
Published: November 16, 2007
Updated: November 16, 2007
INTRODUCTION
ACE 1.x Windows 1.0.7 build 108880 or later
Server 1.x Windows 1.0.7 build 108231 or later
Server 1.x Linux not affected
Fusion 1.x Mac OS/X not affected
ESXi 3.5 ESXi not affected
ESX any ESX not affected
http://labs.idefense.com/intelligence/vulnerabilities/
May 12, 2009
I. BACKGROUND
Mac OS X is a computer operating system available from Apple Inc. OS X
is the tenth major version of Apple's operating system for Macintosh
computers and is Unix-based.
For more information, see the vendor's site found at the following link.
generic profiles.
4. *Vulnerable packages*
. Apple Mac OS X 10.7.x
. Apple Mac OS X 10.6.x
. Apple Mac OS X 10.5.x
5. *Non-vulnerable packages*
| |-----------+----------------------------|
| Arbitrary Program | | * All versions in major |
| Execution | | releases other than |
| Vulnerability | Linux, | 2.5.x and 3.0.x. |
| | Apple | * 2.5.x releases prior |
| | MacOS X | to 2.5.3041 |
| | | * 3.0.x releases prior |
| | | to 3.0.629 |
|-------------------+-----------+----------------------------|
| | Microsoft | All versions prior to |
| Local Privilege | Windows | 2.3.254 |
ACE 2.5.x any 2.5.3 build 185404 or later
Server 2.x any patch pending
Server 1.x any patch pending
Fusion 2.x Mac OS/X not affected
Fusion 1.x Mac OS/X not affected
ESXi 4.0 ESXi not affected
ESXi 3.5 ESXi not affected
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a vulnerability in
Apple Safari for Windows, Mac OS X and iPhone.
The flaw is caused due to a use-after-free error in WebKit when
rendering HTML buttons, which could be exploited by attackers to
execute arbitrary code via a specially crafted web page.
I. BACKGROUND
The mount_smbfs utility is used to mount a remote SMB share locally. It
is installed set-uid root, so as to allow unprivileged users to mount
shares, and is present in a default installation on both the Server and
Desktop versions of Mac OS X. For more information visit the following
URL.
http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/mount_smbfs.8.html
II. DESCRIPTION
Apple Preview.app is the default application used in Apple MacOS systems in order to visualize PDF files and does not properly parse PDF files, which leads to memory corruption when opening a malformed file with an invalid size on JBIG2 structure at offset 0x2C1 as in PoC Repro1.pdf or offset 0x2C5 as in PoC Repro2.pdf (both values trigger the same vulnerability).
This problem was confirmed in the following versions of Apple Preview and MacOS; other versions may also be affected.
Apple Mac OS X 10.5.8 (Server as well)
Apple Mac OS X 10.6.2 (Server as well)
Apple Mac OS X 10.6.3 (Server as well)
Apple Mac OS X 10.6.4 (Server as well)
CVSS Scoring System
The Apple Type Services is prone to memory corruption due to a sign
mismatch vulnerability when handling the last offset value of the
CharStrings INDEX structure.
This vulnerability could be used by a remote attacker to execute
arbitrary code, by enticing the user of Mac OS X v10.5.x to view or
download a PDF document containing an embedded malicious CFF font
(Compact Font Format [1]).
This vulnerability is a variation of the vulnerability labeled as
CVE-2010-1797 (FreeType JailbreakMe iPhone exploit variation).
Works on:
* Windows XP SP2: Internet Explorer 6 / Flash Player 9.0.47.0
* Windows XP SP2: Firefox 2.0.0.5 / Flash Player 9.0.47.0
* Windows XP SP2: IE 7.0.5730.11 Flash Player 9.0.47.0
* Ubuntu Edgy: Firefox 2.0.0.5 / Flash Player 9.0.47.0
* Mac OSX 10.4.10: Safari 2.0.4 / Flash Player 9.0.47.0
* Mac OSX 10.4.10: Safari 3.0.2 / Flash Player 9.0.47.0
* Mac OSX 10.4.10: Firefox 2.0.0.6 / Flash Player 9.0.47.0
* Solaris 10 i86: Firefox 2.0.0.3 / Flash Player 9.0.47.0
Doesn't work as expected on:
* Mac OSX 10.4.10: Opera 9.22 / Flash Player 9.0.47.0
Advisory: Mac OS X TIOCSETD IOCTL Kernel
Memory Corruption Vulnerability
Advisory ID: TKADV2007-001
Revision: 1.0
Release Date: 2007/11/15
Last Modified: 2007/11/15
Date Reported: 2007/03/19
Product Description
-------------------
From [1]:
"Beneath the appealing, easy-to-use interface of Mac OS X is a rock-solid,
UNIX-based foundation that is engineered for stability, reliability, and
performance. The kernel environment is built on top of Mach 3.0 and provides
high-performance networking facilities and support for multiple, integrated
file systems."
Nov 14, 2007
I. BACKGROUND
Mach ports are used to provide inter-process communication (IPC)
facilities on Mac OS X. More information can be found on the vendor's
site at the following URL.
http://developer.apple.com/documentation/Darwin/Conceptual/KernelProgramming/boundaries/chapter_14_section_4.html
II. DESCRIPTION
I. BACKGROUND
AppleTalk, a set of networking protocols developed by Apple, was
originally implemented on early Mac operating systems. Although it is a
legacy protocol, it is still supported on the latest version of Mac OS
X. AppleTalk is compiled into the default kernel, but must be turned on
in order to be used. More information can be found at the following URL.
http://docs.info.apple.com/article.html?artnum=50039
II. DESCRIPTION
I. BACKGROUND
AppleTalk, a set of networking protocols developed by Apple, was
originally implemented on early Mac operating systems. Although it is a
legacy protocol, it is still supported on the latest version of Mac OS
X. AppleTalk is compiled into the default kernel, but must be turned on
in order to be used.
ASP, as its name implies, is a Session Layer protocol that is used by
the AppleTalk File Sharing protocol to establish connections with a
peer. More information can be found at the following URL.
3. *Vulnerability Description*
CUPS [1] provides a portable printing layer for UNIX based operating
systems. It was developed by Easy Software Products and it is now owned
and maintained by Apple Computer Inc. to promote a standard printing
solution. It is the standard open source printing system for Mac OS X
and other UNIX-like operating systems.
A flaw has been identified in CUPS, when handling the
'IPP_TAG_UNSUPPORTED' tag, which could be exploited by attackers to
cause a remote pre-authentication denial of service.
Hijacking Safari 4 Top Sites with Phish Bombs
II. VULNERABLE
-------------------------
Safari 4 all versions < 4.0.3
Platforms affected - Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X
v10.5.7, Mac OS X Server v10.5.7, Windows XP and Vista
III. BACKGROUND
-------------------------
Safari is a web browser developed by Apple Inc. It is the default browser in
nothing new, having been covered extensively by Maximilian Dornseif
(2004 and 2005) and more recently by Adam Boileau (2006 and 2008).
Unfortunately the tools released as part of these disclosures (pyfw,
pythonraw1394 and winlockpwn) have all started to succumb to bit rot. In
addition, there has been a comparative lack of research on the
vulnerabilities of Mac OS X against FireWire attacks.
Therefore I would like to share my updated research in the field. This
includes an open source cross platform (GNU/Linux and Mac OS X) library,
libforensic1394, for performing memory forensics/attacks over FireWire
and a paper on the subject. (Although written from a forensics
[ MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
Date:
- Dis.: 07.05.2009
- Pub.: 08.01.2010
Apple Mac OS X mDNSResponder HTTP Request Heap Overflow Vulnerability
iDefense Security Advisory 08.07.07
http://labs.idefense.com/intelligence/vulnerabilities/
Aug 07, 2007
I. BACKGROUND
mDNSResponder is part of the Bonjour suite of applications. Bonjour is
used to provide automatic and transparent configuration of network
ACE 1.x Windows 1.0.5 build 79846 or later
Server 1.x Windows 1.0.5 build 80187 or later
Server 1.x Linux 1.0.5 build 80187 or later
Fusion 1.x Mac OS/X not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX not affected
ESX 3.0.2 ESX ESX-1004727
============
DragonFlyBSD 1.12.0 is the first BSD operating system to roll out a
solution to the IPv4 issue as part of the official version.
Apple MacOS X 10.5.2, MacOS X Server 10.5.2, Darwin 9.2
(all sharing the same kernel: xnu-1228.3.13)
=======================================================
Apple did NOT fix the predictable IP ID issue in its products
(in Leopard 10.5.2).
Notice that if you already updated your iPhone with iOS4, our exploits
for this particular vulnerability would not work anymore.
( search for "CVE-2010-1752" here: http://support.apple.com/kb/ht4225 )
But, thanks to our proof of concepts (client-side attacks), it was not
only possible to abuse the iPhone devices, but also any current Mac OS X
( Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through
v10.6.4, Mac OS X Server v10.6 through v10.6.4 ).
Hopefully, this week, Apple released many interesting security patches
for Mac OS X, and one of them will allow Mac end users to avoid those